Vulnerabilities > CVE-2003-0449 - Local Security vulnerability in Progress Database 9.1

047910
CVSS 4.6 - MEDIUM
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
local
low complexity
progress
exploit available

Summary

Progress Database 9.1 to 9.1D06 trusts user input to find and load libraries using dlopen, which allows local users to gain privileges via (1) a PATH environment variable that points to malicious libraries, as demonstrated using libjutil.so in_proapsv, or (2) the -installdir command line parameter, as demonstrated using librocket_r.so in _dbagent.

Vulnerable Configurations

Part Description Count
Application
Progress
1

Exploit-Db

descriptionProgress Database 9.1 Environment Variable Local Privilege Escalation Vulnerability. CVE-2003-0449. Local exploit for linux platform
idEDB-ID:22773
last seen2016-02-02
modified2003-06-14
published2003-06-14
reporterkf
sourcehttps://www.exploit-db.com/download/22773/
titleProgress Database 9.1 - Environment Variable Local Privilege Escalation Vulnerability